Mob list pointer

09/06/2024 18:41 hanibalbin#1
So I'm searching through stuff with Cheat Engine and I find this thing.
Found the character manager and noticed some CInstanceBases around; the first one seems to be my character, and at 0x34, 0x38, there are just 3, max 4 instances of that class while in the game there are dozens of entities.
Am I searching in the wrong place?
09/14/2024 21:21 MrCrisp#2
0x24 seems to be the pointer you are looking for since the size of the instance map is stored right after the pointer (seems to be 101 in your case. Does this make sense?)
0x2C is the DeadInstanceMap pointer, and the 0 after the pointer is the size of this map. You can verify this by killing some mobs.
09/20/2024 10:33 hanibalbin#3
Yea, it seems like that's the case, but whatever I do the game crashes once I dereference the pointer, or I get a "MyHead was nullptr" in the map implementation source file.

I had a look at the C4US multihack implementation of std80-110 of map but I can't make it work; copy-pasting it gives 30 or something errors, and I managed to fix them but it still does not work.
09/21/2024 21:55 MrCrisp#4
Maybe a snippet of your code would help.
09/24/2024 08:12 hanibalbin#5
Yea so this is the entity struct and the initialization part
Code:
namespace Entity
{
    struct Vector3
    {
        float x, y, z;
    };

    class Mob
    {
    public:
        char pad_0000[96];   // 0x0000
        char entityName[20]; // 0x0060
        char pad_0074[4];    // 0x0074
        int32_t vid;         // 0x0078
        char pad_007C[68];   // 0x007C
        int32_t level;       // 0x00C0
        char pad_00C4[680];  // 0x00C4
        float fRot;          // 0x036C
        char pad_0370[24];   // 0x0370
        Vector3 location;    // 0x0388
        char pad_0394[3008]; // 0x0394
    }; // Size: 0x0F54
} // namespace Entity

using TCharacterInstanceMap = std::map<DWORD, Entity::Mob*>;
inline TCharacterInstanceMap kAliveInstance;

void GamePointers::Init()
{
    void* base = GetModuleHandle(0);
    CPythonNetworkStream = *reinterpret_cast<uintptr_t*>(Scanner::PatternScan(base, Signature::CPythonNetworkStream.signature) + 0x2);
    CPythonCharacterManager = CPythonNetworkStream + 0x20;
    testPtr = *reinterpret_cast<uintptr_t*>(Scanner::PatternScan(base, Signature::InstanceMap.signature) + 0x2); // 98
    kAliveInstance = *reinterpret_cast<TCharacterInstanceMap*>(*reinterpret_cast<uintptr_t*>(*reinterpret_cast<uintptr_t*>(CPythonCharacterManager + 0x24) + 0x4));
}
And here is the rest, [Only registered and activated users can see links. Click Here To Register...]